Ask Hackaday: Is Windows XP Source Code Leak A Bad Thing?

September 25, 2020 by 57 Comments

News comes overnight that the Windows XP source code has been leaked. The Verge says they have “verified the material as legitimate” and that the leak also includes Windows Server 2003 and some DOS and CE code as well. The thing is, it has now been more than six years since Microsoft dropped support for XP, does it really matter if the source code is made public?

The Poison Pill

As Erin Pinheiro pointed out in her excellent article on the Nintendo IP leak earlier this year (perhaps the best Joe Kim artwork of the year on that one, by the way), legitimate developers can’t really make use of leaked code since it opens them up to potential litigation. Microsoft has a formidable legal machine that would surely go after misuse of the code from a leak like this. Erin mentions in her article that just looking at the code is the danger zone for competitors.

Even if other software companies did look at the source code and implement their own improvements without crossing the legal line, how much is there still to gain? Surely companies with this kind of motivation would have reverse engineered the secret sauce of the long dead OS by now, right?

Spy vs. Spy

The next thing that comes to mind are the security implications. At the time of writing, statcount pegs Windows XP at a 0.82% market share which is still going to be a very large number of machines. Perhaps a better question to consider is what types of machines are still running it? I didn’t find any hard data to answer this question, however there are dedicated machines like MRIs that don’t have easy upgrade paths and still use the OS and there is an embedded version of XP that runs on point-of-sale, automated teller machines, set-top boxes, and other long-life hardware that are notorious for not being upgraded by their owners.

Continue reading “Ask Hackaday: Is Windows XP Source Code Leak A Bad Thing?”

Hackaday Podcast 086: News Overflow, Formula 1/3 Racer, Standing Up For Rubber Duckies, And Useless Machine Takes A Turn

September 25, 2020 by No comments

Hackaday editors Elliot Williams and Mike Szczys peruse the world of hacks. There was so much news this week that we lead off the show with a rundown to catch you up. Yet there is still no shortage of hardware hacks, with prosthetic legs for your rubber ducky, a RC cart that channels the spirit of Formula 1, and a project that brings 80’s video conferencing hardware to Zoom. There’s phosphine gas on Venus and unlimited hacking projects inside your guitar. The week wouldn’t be complete without the joy of riffing on the most useless machine concept.

Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Direct download (60 MB or so.)

Where to Follow Hackaday Podcast

Places to follow Hackaday podcasts:

Continue reading “Hackaday Podcast 086: News Overflow, Formula 1/3 Racer, Standing Up For Rubber Duckies, And Useless Machine Takes A Turn”

Candy Slide Keeps Halloween Spooky And Socially Distant

September 25, 2020 by 7 Comments

Pandemic got you down about the prospects for Halloween this year? While you may not be able to do the Monster Mash with all your friends and family, there are plenty of ways to hand out candy while upholding social distancing practices. [WickedMakers] built a spooky six-foot candy slide to help keep their celebration in compliance with the CDC.

Their candy slide is almost entirely made of PVC, plus some gauze to mummify it and make it scarier. It’s essentially a six-foot long section of 3″ tubing supported by two ladders made of 1″ tubing that put the top four feet off the ground and a kid-friendly two feet off the ground at the receiving end. [WickedMakers] did a great job of hiding the PVC-ness of this build. We can’t help but wonder how much harder it would be to make the skeleton put the candy on the slide. Check out the build video after the break.

Need some Halloween headgear? You could always build N95 filter material into an EDM helm to hand out candy. Stay safe out there this year, and remember: always check your Halloween candy for malicious payloads.

Continue reading “Candy Slide Keeps Halloween Spooky And Socially Distant”

This Week In Security: UTorrent Vulnerable, Crowd-Sourcing Your Fail2Ban, And Cryptographers At Casinos

September 25, 2020 by 22 Comments

The uTorrent client was recently updated to fix a null pointer dereference (CVE-2020-8437), discovered by [whtaguy]. Triggering the dereference simply crashes the client — so far an actual RCE hasn’t been found. Given the nature of the null pointer dereference, it’s possible this bug is limited to denial of service. That’s extremely good, because the flaw is extremely easy to target.

BitTorrent is a clever protocol. It’s still used to distribute large files, like Linux ISOs. The concept is simple: Split a large file into small chunks. Send the chunks to a client one at a time. As each chunk is received, the client sends a copy of that chunk to the next client. As a result of this peer-to-peer (p2p) arrangement, the bandwidth available to the server is greatly multiplied. As with all other p2p arrangements, the sticking point is how to make those connections between peers, particularly when most of the world’s desktops are behind NAT routers. In practice, for two peers to share data, at least one of them has to have a port opened or forwarded to the client. This is often accomplished through Universal Plug-n-Play (UPnP) or the NAT Port Mapping Protocol (NAT-PMP). The idea of both protocols are the same; a client on an internal device can request a temporary port forward without manual intervention. Whether it’s a good idea to allow automatic port forwards is another issue for another day. Continue reading “This Week In Security: UTorrent Vulnerable, Crowd-Sourcing Your Fail2Ban, And Cryptographers At Casinos”

Hacking A Cheap Action Cam Into A Dashcam With A Microcontroller

September 25, 2020 by 15 Comments

Repurposing commodity electronics is one of the true forms of hacking, and it’s always the simple little hacks that lead to big ones. [Everett] wanted to use a $20 GoPro clone as a dash cam, so he wired a microcontroller into it to automate some actions and make it practical.

The camera turns on automatically when connected to external power like a car charger, but starting and stopping a recording and power down all had to be done manually. [Everett] wanted to automate these functions, so he opened up the camera and started probing with an oscilloscope. He found the power button, record button, 3.3 V and external 5 V traces conveniently next to each other in the top of the camera.

To automate the required functions, he wired in a PIC10 on a small breakout board, powered by the 3.3 V line. It detects if 5 V is connected to the charging port on start-up via an N-channel FET, then automatically starts a recording. When the 5 V power is switched off with the car, it waits 10 seconds before stopping the recording and switching off the camera. If no external 5 V is not detected on start-up the microcontroller does nothing, which allows the camera to be used as a normal handheld. [Everett] mounted the camera to his rearview mirror with a magnetic bracket made using a combination of a 3D printer and 3D pen.

This is a simple and practical little hack, and the firmware is available on Github. Cheap dashcams are available for similar prices, but you won’t get any hacking satisfaction that way.

The very nature of actions cameras inspire hacking. You can simply add an external battery with the help of a 3D printer, or go all out and build a gimballed helmet cam from scratch

Adding WiFi To The Acorn Electron

September 25, 2020 by 9 Comments

In the continuing quest by countless hobbyists to allow every 1980s 8-bit home computer to experience the joys of an online experience that doesn’t involve a 9600 baud modem, [Roland Leurs] has created a cartridge-based module for the Acorn Electron that adds WiFi, which he showed off at the virtual ABug conference in September 2020.

The Acorn Electron is a Synertek 6502-based computer that was released in the UK in August of 1983. It’s a budget version of the well-known BBC Micro educational/home computer, with 32 kB of RAM and featuring BBC BASIC v2 in its ROM. [Roland]’s ElkWiFi card slots into an available cartridge slot, after which the onboard ESP8266 (ESP-1 module) can be enabled and used as a WiFi modem.

Acorn Electron with Plus 1 expansion, ElkWiFi and additional expansion card inserted.

The board features the Exar ST16C2552CJ dual UART chip, one channel of which connects to the ESP-1 module, with the other channel used as an uncommitted UART header. The control logic is implemented in VHDL and flashed to the onboard Xilinx CPLD, and a 128 kB RAM module is used as WiFi data buffer.

Although a definite niche product, reading through the forum thread makes one really appreciate the technical complexity and joy once things are beginning to work reliably. It also shows one of the few cases where an ESP-1 module is used for its original purpose: as an easy way to add WiFi functionality with full WiFi and TCP stack, without burdening the main CPU.

(Thanks, BaldPower)

DIY Grout Cleaning Machine Does A Good Job

September 24, 2020 by 25 Comments

Cleaning tiled floors can be a drag. Getting the tiles themselves clean is bad enough, but often dealing with the grouted joints in between requires more elbow grease and attention to detail. It’s a tedious chore, and thus one ripe for improvement. [Elite Worm]’s cleaning machine is an excellent solution to the problem.

The machine is built entirely from scratch, using primarily 3D printed components. A fluid tank is fitted to the chassis, along with a custom 3D-printed pump run by a DC motor, to deliver cleaning product where its needed. A large DC motor is then used to spin a nylon brush which gets deep in the tile grooves to clean out the grime. The chassis is then fitted with rollers to allow it to glide along the floor. Finally, a handle is fitted which allows the user to push the tool along, with switches to turn on the spinning brush and dispense cleaning fluid.

It’s a great tool, and one which eliminates hours of scrubbing on hands and knees. We’re sure the time investment in the build will pay off before long. We’ve seen other tricky cleaning hacks before, too. Video after the break.

Continue reading “DIY Grout Cleaning Machine Does A Good Job”